News Feed - 2023-09-11 10:09:19

Lido assures LDO, stETH tokens remain safe despite flaw in token contract

Brayden Lindrea, 7 hours ago

The “fake deposit” attack enables bad actors to execute a transfer where the requested value is larger than what the user actually owns.

Ethereum staking protocol Lido Finance has assured both Lido DAO (LDO) and staked-Ether (stETH) tokens remain safe despite hackers allegedly exploiting a known security flaw in LDO’s token contract.


Lido didn’t confirm any exploits but, in response to a Sept. 10 post by blockchain security firm SlowMist, acknowledged the security flaw was known and gave assurances that LDO and stETH funds remain safe.


SlowMist said LDO’s flawed token contract allows bad actors to facilitate “fake deposit” attacks on exchanges because LDO’s token contract enables users to execute transactions even where they don’t have sufficient funds. This code deviates from the Ethereum Request for Comment 20 (ERC-20) token standard, according to SlowMist.


However, Lido Finance argued the flaw is built into all ERC-20 tokens — not just Lido’s LDO token:

This behaviour is expected and conforms to the ERC20 token standard (see tweet below). Both LDO and stETH (and Lido governance) remain safe.

Lido token integration guides will be updated with LDO specifics to make this more visible shortly.

— Lido (@LidoFinance) September 10, 2023


SlowMist said the “fake deposit” attacks came from LDO’s token contract executing transfers where the value is larger than what the user actually owns, triggering a false return as opposed to reverting the transaction. While the firm said Lido’s token contract has recently been exploited via this attack, no on-chain evidence was provided.


Cointelegraph reached out to SlowMist for comment but did not receive an immediate response.


Meanwhile, on-chain analyst “Hercules” explained on Sept. 10 that the security flaw may not be picked up by cryptocurrency exchanges.


SlowMist recommends that LDO holders also check the return values of the token contract transfers, in addition to the success or failure of a transaction.


The blockchain security firm concluded that token contract implementations and behaviors vary by project and advised conducting comprehensive testing before integrating any new tokens.




However, Lido highlighted in the official Ethereum Improvement Proposal document — co-authored by Vitalik Buterin in November 2015 — that both the “transfer” and “transferFrom” functions must return the transfer status and are only recommended to revert a transaction in exceptional cases.

ERC20 token standard: https://t.co/YlrS1ZN6Fd

1) Both transfer and transferFrom are required to return transfer status and are only recommended to revert a tx in exceptional cases.

2) The standard says that a caller is obliged to check the return status (see 'Token methods'). pic.twitter.com/6KTcIyxo2F

— Lido (@LidoFinance) September 10, 2023


To resolve the security flaw, Lido confirmed that the LDO token integration guides will soon be updated.
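
The check that both SlowMist and Lido describe, seen from the integrator's side, as an added example (not code from Lido, SlowMist or the article): a deposit processor that credits on transaction success alone, next to one that requires evidence the tokens actually moved. A transaction receipt does not carry the call's return value, so this sketch assumes a transfer that returns false emits no Transfer event and uses the token contract's logs as that evidence; all addresses, receipts and function names are constructed for illustration.

```python
TRANSFER_SELECTOR = "a9059cbb"  # first 4 bytes of keccak("transfer(address,uint256)")
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
# Constructed addresses: token contract, exchange deposit address, depositor.
TOKEN, DEPOSIT, SENDER = ("0x" + b * 20 for b in ("11", "22", "33"))


def pad(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    return addr[2:].lower().rjust(64, "0")


def decode_transfer_call(data):
    """Return (recipient, amount) from transfer() calldata, or None."""
    body = data[2:] if data.startswith("0x") else data
    if len(body) != 8 + 128 or body[:8] != TRANSFER_SELECTOR:
        return None
    return "0x" + body[8 + 24:8 + 64], int(body[8 + 64:], 16)


def naive_credit(tx, receipt):
    """Flawed: trusts the requested amount once the tx status is success."""
    call = decode_transfer_call(tx["input"])
    if receipt["status"] != 1 or call is None or call[0] != DEPOSIT:
        return 0
    return call[1]


def verified_credit(tx, receipt):
    """Credit only what the token contract's Transfer logs show arriving."""
    if receipt["status"] != 1 or tx["to"] != TOKEN:
        return 0
    total = 0
    for log in receipt["logs"]:
        topics = log["topics"]
        if (log["address"] == TOKEN and len(topics) == 3
                and topics[0] == TRANSFER_TOPIC
                and topics[2] == "0x" + pad(DEPOSIT)):
            total += int(log["data"], 16)
    return total


def make_case(amount, moved):
    """Constructed tx/receipt pair; moved=False models a false return."""
    tx = {"to": TOKEN,
          "input": "0x" + TRANSFER_SELECTOR + pad(DEPOSIT) + f"{amount:064x}"}
    log = {"address": TOKEN, "data": f"0x{amount:064x}",
           "topics": [TRANSFER_TOPIC, "0x" + pad(SENDER), "0x" + pad(DEPOSIT)]}
    return tx, {"status": 1, "logs": [log] if moved else []}
```

For `make_case(10**18, moved=False)` the naive path credits the full requested amount while the verified path credits nothing; for a transfer that really moved tokens, both agree.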

